package com.zhiying.config;

import java.util.HashMap;
import java.util.Map;

import org.apache.shiro.authc.credential.HashedCredentialsMatcher;
import org.apache.shiro.session.mgt.SessionManager;
import org.apache.shiro.session.mgt.eis.EnterpriseCacheSessionDAO;
import org.apache.shiro.session.mgt.eis.SessionDAO;
import org.apache.shiro.spring.web.ShiroFilterFactoryBean;
import org.apache.shiro.web.mgt.DefaultWebSecurityManager;
import org.apache.shiro.web.session.mgt.DefaultWebSessionManager;
import org.springframework.beans.factory.annotation.Qualifier;
import org.springframework.context.annotation.Bean;
import org.springframework.context.annotation.Configuration;

@Configuration
public class ShiroConfig  {
	
	
	@Bean
    public ShiroFilterFactoryBean getShiroFilterFactoryBean(org.apache.shiro.mgt.SecurityManager securityManager){
        System.out.println("==>login");
		ShiroFilterFactoryBean shiroFilterFactoryBean=new ShiroFilterFactoryBean();
        shiroFilterFactoryBean.setSecurityManager(securityManager);
        Map<String,String> fMap=new HashMap<>();
        //拦截页面
//        fMap.put("/all","authc");
//        fMap.put("/one","authc");
        //拦截未授权
//        fMap.put("/all","perms[user:all]");
//        fMap.put("/one","perms[user:one]");
        //被拦截返回登录页面
        // 设置拦截器
        //游客，开发权限
//        fMap.put("/guest/**", "anon");
        //用户，需要角色权限 “user”
        fMap.put("/", "roles[admin]");
        fMap.put("/**", "roles[admin]");
        //管理员，需要角色权限 “admin”
        //fMap.put("/main", "roles[admin]");
        //fMap.put("/main/**", "roles[admin]");
        //fMap.put("/**/**", "roles[admin]");
        //开放登陆接口
        fMap.put("/login", "anon");
        //其余接口一律拦截
        //主要这行代码必须放在所有权限设置的最后，不然会导致所有 url 都被拦截
        //fMap.put("/**", "anon");
        //fMap.put("/captcha-image.jpg/**", "anon");
        fMap.put("/captcha-image.jpg", "anon");
        fMap.put("/static/**", "anon");
        fMap.put("/loginIndex", "anon");
        shiroFilterFactoryBean.setFilterChainDefinitionMap(fMap);
        
        shiroFilterFactoryBean.setLoginUrl("/login");
        //授权拦截返回页面
        shiroFilterFactoryBean.setUnauthorizedUrl("/login");
        
        shiroFilterFactoryBean.setSuccessUrl("/main");
        shiroFilterFactoryBean.setFilterChainDefinitionMap(fMap);
        return shiroFilterFactoryBean;
    }
    @Bean
    public DefaultWebSecurityManager getDefaultWebSecurityManager(@Qualifier("userRealm") UserRealm userRealm){
        DefaultWebSecurityManager defaultWebSecurityManager=new DefaultWebSecurityManager();
        defaultWebSecurityManager.setRealm(userRealm);
        return defaultWebSecurityManager;
    }
    @Bean("userRealm")
    public UserRealm getUserRealm(@Qualifier("hashedCredentialsMatcher") HashedCredentialsMatcher matcher){
    	UserRealm userRealm = new UserRealm();
    	userRealm.setAuthorizationCachingEnabled(false);
    	userRealm.setCredentialsMatcher(matcher);
        return userRealm;
    }
    
//    @Bean
//    public AuthorizationAttributeSourceAdvisor authorizationAttributeSourceAdvisor(SecurityManager securityManager) {
//        AuthorizationAttributeSourceAdvisor advisor = new AuthorizationAttributeSourceAdvisor();
//        advisor.setSecurityManager((org.apache.shiro.mgt.SecurityManager) securityManager);
//        return advisor;
//    }

	/*
	 * @Bean public CacheManager cacheManager(){ return new EhCacheManager(); }
	 */

    @Bean("hashedCredentialsMatcher")
    public HashedCredentialsMatcher hashedCredentialsMatcher() {
        HashedCredentialsMatcher credentialsMatcher = new HashedCredentialsMatcher();
        //指定加密方式为MD5
        credentialsMatcher.setHashAlgorithmName("MD5");
        //加密次数
        credentialsMatcher.setHashIterations(6);
        credentialsMatcher.setStoredCredentialsHexEncoded(true);
        return credentialsMatcher;
    }
    @Bean
    public SessionDAO sessionDAO(){
        return new EnterpriseCacheSessionDAO();
    }

    @Bean
    public SessionManager sessionManager(SessionDAO sessionDAO){
        DefaultWebSessionManager manager = new DefaultWebSessionManager();
        manager.setSessionDAO(sessionDAO);
        manager.setGlobalSessionTimeout(3600000);
        manager.setSessionValidationInterval(3600000);
        return manager;
    }

}
